clhq-auth-module 1.1.0-alpha.90

package/dist/auth/auth.module.d.ts

@@ -0,0 +1,2 @@
+export declare class AuthModule {
+}

package/dist/auth/auth.module.js

@@ -0,0 +1,54 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthModule = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const config_1 = require("@nestjs/config");
+const auth_guard_1 = require("./guard/auth.guard");
+const roles_guard_1 = require("./guard/roles.guard");
+const jwt_strategy_1 = require("./strategies/jwt.strategy");
+const refresh_token_strategy_1 = require("./strategies/refresh-token.strategy");
+const refresh_token_guard_1 = require("./guard/refresh-token.guard");
+const auth0_service_1 = require("./services/auth0.service");
+let AuthModule = class AuthModule {
+};
+exports.AuthModule = AuthModule;
+exports.AuthModule = AuthModule = __decorate([
+    (0, common_1.Module)({
+        imports: [
+            config_1.ConfigModule,
+            jwt_1.JwtModule.registerAsync({
+                imports: [config_1.ConfigModule],
+                useFactory: (configService) => ({
+                    secret: configService.get('AUTH0_CLIENT_SECRET'),
+                    audience: configService.get('AUTH0_AUDIENCE'),
+                    issuer: `https://${configService.get('AUTH0_DOMAIN')}/`,
+                    signOptions: { expiresIn: '1h' },
+                }),
+                inject: [config_1.ConfigService],
+            }),
+        ],
+        providers: [
+            auth0_service_1.Auth0Service,
+            auth_guard_1.JwtAuthGuard,
+            roles_guard_1.RolesGuard,
+            jwt_strategy_1.JwtStrategy,
+            refresh_token_strategy_1.RefreshTokenStrategy,
+            refresh_token_guard_1.RefreshTokenGuard,
+        ],
+        exports: [
+            auth0_service_1.Auth0Service,
+            auth_guard_1.JwtAuthGuard,
+            roles_guard_1.RolesGuard,
+            jwt_strategy_1.JwtStrategy,
+            refresh_token_strategy_1.RefreshTokenStrategy,
+            refresh_token_guard_1.RefreshTokenGuard,
+        ],
+    })
+], AuthModule);

package/dist/auth/decorators/roles.decorator.d.ts

@@ -0,0 +1 @@
+export declare const Roles: (...roles: string[]) => import("@nestjs/common").CustomDecorator<string>;

package/dist/auth/decorators/roles.decorator.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Roles = void 0;
+const common_1 = require("@nestjs/common");
+const Roles = (...roles) => (0, common_1.SetMetadata)('roles', roles);
+exports.Roles = Roles;

package/dist/auth/dto/refresh-token.dto.d.ts

@@ -0,0 +1,3 @@
+export declare class RefreshTokenDto {
+    refreshToken: string;
+}

package/dist/auth/dto/refresh-token.dto.js

@@ -0,0 +1,22 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenDto = void 0;
+const class_validator_1 = require("class-validator");
+class RefreshTokenDto {
+    refreshToken;
+}
+exports.RefreshTokenDto = RefreshTokenDto;
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], RefreshTokenDto.prototype, "refreshToken", void 0);

package/dist/auth/exceptions/auth.exceptions.d.ts

@@ -0,0 +1,25 @@
+import { HttpException } from '@nestjs/common';
+export declare class InvalidCredentialsException extends HttpException {
+    constructor();
+}
+export declare class UserAlreadyExistsException extends HttpException {
+    constructor(email: string);
+}
+export declare class InvalidTokenException extends HttpException {
+    constructor();
+}
+export declare class TokenExpiredException extends HttpException {
+    constructor();
+}
+export declare class InvalidRefreshTokenException extends HttpException {
+    constructor();
+}
+export declare class UserNotFoundException extends HttpException {
+    constructor(email: string);
+}
+export declare class InvalidInviteCodeException extends HttpException {
+    constructor();
+}
+export declare class AccountNotVerifiedException extends HttpException {
+    constructor();
+}

package/dist/auth/exceptions/auth.exceptions.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountNotVerifiedException = exports.InvalidInviteCodeException = exports.UserNotFoundException = exports.InvalidRefreshTokenException = exports.TokenExpiredException = exports.InvalidTokenException = exports.UserAlreadyExistsException = exports.InvalidCredentialsException = void 0;
+const common_1 = require("@nestjs/common");
+class InvalidCredentialsException extends common_1.HttpException {
+    constructor() {
+        super('Invalid email or password', common_1.HttpStatus.UNAUTHORIZED);
+    }
+}
+exports.InvalidCredentialsException = InvalidCredentialsException;
+class UserAlreadyExistsException extends common_1.HttpException {
+    constructor(email) {
+        super(`User with email ${email} already exists`, common_1.HttpStatus.CONFLICT);
+    }
+}
+exports.UserAlreadyExistsException = UserAlreadyExistsException;
+class InvalidTokenException extends common_1.HttpException {
+    constructor() {
+        super('Invalid or expired token', common_1.HttpStatus.UNAUTHORIZED);
+    }
+}
+exports.InvalidTokenException = InvalidTokenException;
+class TokenExpiredException extends common_1.HttpException {
+    constructor() {
+        super('Token has expired', common_1.HttpStatus.UNAUTHORIZED);
+    }
+}
+exports.TokenExpiredException = TokenExpiredException;
+class InvalidRefreshTokenException extends common_1.HttpException {
+    constructor() {
+        super('Invalid or expired refresh token', common_1.HttpStatus.UNAUTHORIZED);
+    }
+}
+exports.InvalidRefreshTokenException = InvalidRefreshTokenException;
+class UserNotFoundException extends common_1.HttpException {
+    constructor(email) {
+        super(`User with email ${email} not found`, common_1.HttpStatus.NOT_FOUND);
+    }
+}
+exports.UserNotFoundException = UserNotFoundException;
+class InvalidInviteCodeException extends common_1.HttpException {
+    constructor() {
+        super('Invalid or expired invite code', common_1.HttpStatus.BAD_REQUEST);
+    }
+}
+exports.InvalidInviteCodeException = InvalidInviteCodeException;
+class AccountNotVerifiedException extends common_1.HttpException {
+    constructor() {
+        super('Account not verified. Please check your email for verification link', common_1.HttpStatus.FORBIDDEN);
+    }
+}
+exports.AccountNotVerifiedException = AccountNotVerifiedException;

package/dist/auth/guard/auth.guard.d.ts

@@ -0,0 +1,11 @@
+import { ExecutionContext } from '@nestjs/common';
+import { Auth0Service } from '../services/auth0.service';
+declare const JwtAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class JwtAuthGuard extends JwtAuthGuard_base {
+    private readonly auth0Service;
+    private readonly logger;
+    constructor(auth0Service: Auth0Service);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private extractTokenFromHeader;
+}
+export {};

package/dist/auth/guard/auth.guard.js

@@ -0,0 +1,71 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var JwtAuthGuard_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const auth0_service_1 = require("../services/auth0.service");
+const common_2 = require("@nestjs/common");
+let JwtAuthGuard = JwtAuthGuard_1 = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
+    auth0Service;
+    logger = new common_2.Logger(JwtAuthGuard_1.name);
+    constructor(auth0Service) {
+        super();
+        this.auth0Service = auth0Service;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const publicRoutes = ['/health', '/healthcheck', 'health', 'healthcheck'];
+        const internalServiceRoutes = [
+            '/media/transcode-video-to-hls',
+            'transcode-video-to-hls',
+        ];
+        const path = request.path || request.url?.split('?')[0] || '';
+        const isPublicRoute = publicRoutes.some((route) => path === route || path === `/${route}` || path.endsWith(route));
+        const isInternalRoute = internalServiceRoutes.some((route) => path === route || path === `/${route}` || path.endsWith(route));
+        if (isPublicRoute || isInternalRoute) {
+            return true;
+        }
+        const token = this.extractTokenFromHeader(request);
+        if (!token) {
+            throw new common_1.UnauthorizedException('No token provided');
+        }
+        try {
+            this.logger.debug('JwtAuthGuard-> requesting jwt verify token process');
+            const payload = (await this.auth0Service.validateToken(token));
+            this.logger.debug('JwtAuthGuard-> jwt token verification success');
+            request['user'] = payload;
+            return true;
+        }
+        catch (error) {
+            this.logger.error('JwtAuthGuard-> jwt token verification failed');
+            this.logger.error(error);
+            if (error instanceof common_1.UnauthorizedException) {
+                throw error;
+            }
+            throw new common_1.UnauthorizedException('Invalid token');
+        }
+    }
+    extractTokenFromHeader(request) {
+        const authHeader = request.headers?.authorization;
+        if (typeof authHeader !== 'string') {
+            return undefined;
+        }
+        const [type, token] = authHeader.split(' ');
+        return type === 'Bearer' ? token : undefined;
+    }
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = JwtAuthGuard_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [auth0_service_1.Auth0Service])
+], JwtAuthGuard);

package/dist/auth/guard/index.d.ts

@@ -0,0 +1,3 @@
+export * from './auth.guard';
+export * from './roles.guard';
+export * from './refresh-token.guard';

package/dist/auth/guard/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth.guard"), exports);
+__exportStar(require("./roles.guard"), exports);
+__exportStar(require("./refresh-token.guard"), exports);

package/dist/auth/guard/refresh-token.guard.d.ts

@@ -0,0 +1,4 @@
+declare const RefreshTokenGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class RefreshTokenGuard extends RefreshTokenGuard_base {
+}
+export {};

package/dist/auth/guard/refresh-token.guard.js

@@ -0,0 +1,17 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenGuard = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+let RefreshTokenGuard = class RefreshTokenGuard extends (0, passport_1.AuthGuard)('refresh-token') {
+};
+exports.RefreshTokenGuard = RefreshTokenGuard;
+exports.RefreshTokenGuard = RefreshTokenGuard = __decorate([
+    (0, common_1.Injectable)()
+], RefreshTokenGuard);

package/dist/auth/guard/roles.guard.d.ts

@@ -0,0 +1,7 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+export declare class RolesGuard implements CanActivate {
+    private reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/auth/guard/roles.guard.js

@@ -0,0 +1,46 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RolesGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+let RolesGuard = class RolesGuard {
+    reflector;
+    constructor(reflector) {
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        const isPublic = this.reflector.getAllAndOverride('isPublic', [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic) {
+            return true;
+        }
+        const requiredRoles = this.reflector.getAllAndOverride('roles', [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (!requiredRoles) {
+            return true;
+        }
+        const request = context
+            .switchToHttp()
+            .getRequest();
+        const user = request.user;
+        return requiredRoles.some((role) => user.role === role);
+    }
+};
+exports.RolesGuard = RolesGuard;
+exports.RolesGuard = RolesGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], RolesGuard);

package/dist/auth/index.d.ts

@@ -0,0 +1,8 @@
+export * from './auth.module';
+export * from './decorators/roles.decorator';
+export * from './dto/refresh-token.dto';
+export * from './guard';
+export * from './interfaces/auth.interface';
+export * from './services/auth0.service';
+export * from './strategies/jwt.strategy';
+export * from './strategies/refresh-token.strategy';

package/dist/auth/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth.module"), exports);
+__exportStar(require("./decorators/roles.decorator"), exports);
+__exportStar(require("./dto/refresh-token.dto"), exports);
+__exportStar(require("./guard"), exports);
+__exportStar(require("./interfaces/auth.interface"), exports);
+__exportStar(require("./services/auth0.service"), exports);
+__exportStar(require("./strategies/jwt.strategy"), exports);
+__exportStar(require("./strategies/refresh-token.strategy"), exports);

package/dist/auth/interfaces/auth.interface.d.ts

@@ -0,0 +1,26 @@
+export interface AuthResponse {
+    accessToken: string;
+    refreshToken?: string;
+    user: {
+        email: string;
+        firstName?: string;
+        lastName?: string;
+        mobile?: string;
+        features: string[];
+        isOnboarded: boolean;
+    };
+}
+export interface JwtPayload {
+    email: string;
+    sub: string;
+    role: string;
+}
+export interface TokenResponse {
+    accessToken: string;
+    refreshToken: string;
+}
+export interface UserPayload {
+    id: string;
+    email: string;
+    role: string;
+}

package/dist/auth/interfaces/auth.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/auth/services/auth0.service.d.ts

@@ -0,0 +1,8 @@
+import { ConfigService } from '@nestjs/config';
+export declare class Auth0Service {
+    private readonly configService;
+    private jwksClient;
+    constructor(configService: ConfigService);
+    private getKey;
+    validateToken(token: string): Promise<any>;
+}

package/dist/auth/services/auth0.service.js

@@ -0,0 +1,92 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Auth0Service = void 0;
+const common_1 = require("@nestjs/common");
+const jwt = __importStar(require("jsonwebtoken"));
+const jwksRsa = __importStar(require("jwks-rsa"));
+const config_1 = require("@nestjs/config");
+let Auth0Service = class Auth0Service {
+    configService;
+    jwksClient;
+    constructor(configService) {
+        this.configService = configService;
+        const domain = this.configService.get('AUTH0_DOMAIN');
+        this.jwksClient = new jwksRsa.JwksClient({
+            jwksUri: `https://${domain}/.well-known/jwks.json`,
+            cache: true,
+            rateLimit: true,
+            jwksRequestsPerMinute: 10,
+        });
+    }
+    getKey(header, callback) {
+        this.jwksClient.getSigningKey(header.kid, (err, key) => {
+            if (err) {
+                return callback(err, null);
+            }
+            const signingKey = key.getPublicKey();
+            callback(null, signingKey);
+        });
+    }
+    async validateToken(token) {
+        return new Promise((resolve, reject) => {
+            jwt.verify(token, this.getKey.bind(this), {
+                algorithms: ['RS256'],
+                audience: this.configService.get('AUTH0_AUDIENCE'),
+                issuer: `https://${this.configService.get('AUTH0_DOMAIN')}/`,
+            }, (err, decoded) => {
+                if (err) {
+                    console.error('Token validation error:', err);
+                    return reject(new common_1.UnauthorizedException('Invalid token'));
+                }
+                resolve(decoded);
+            });
+        });
+    }
+};
+exports.Auth0Service = Auth0Service;
+exports.Auth0Service = Auth0Service = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], Auth0Service);

package/dist/auth/strategies/jwt.strategy.d.ts

@@ -0,0 +1,15 @@
+import { Strategy } from 'passport-jwt';
+import { ConfigService } from '@nestjs/config';
+declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class JwtStrategy extends JwtStrategy_base {
+    private readonly configService;
+    constructor(configService: ConfigService);
+    validate(payload: any): Promise<{
+        userId: any;
+        email: any;
+        role: any;
+    }>;
+}
+export {};

package/dist/auth/strategies/jwt.strategy.js

@@ -0,0 +1,57 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_jwt_1 = require("passport-jwt");
+const config_1 = require("@nestjs/config");
+const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
+let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy) {
+    configService;
+    constructor(configService) {
+        const domain = configService.get('AUTH0_DOMAIN');
+        const jwksClient = (0, jwks_rsa_1.default)({
+            jwksUri: `https://${domain}/.well-known/jwks.json`,
+            cache: true,
+            rateLimit: true,
+            jwksRequestsPerMinute: 10,
+        });
+        super({
+            jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKeyProvider: (request, token, done) => {
+                jwksClient.getSigningKey(token.header.kid, (err, key) => {
+                    if (err) {
+                        return done(err, null);
+                    }
+                    const signingKey = key.getPublicKey();
+                    done(null, signingKey);
+                });
+            },
+            audience: configService.get('AUTH0_AUDIENCE'),
+            issuer: `https://${domain}/`,
+            algorithms: ['RS256'],
+        });
+        this.configService = configService;
+    }
+    async validate(payload) {
+        return { userId: payload.sub, email: payload.email, role: payload.role };
+    }
+};
+exports.JwtStrategy = JwtStrategy;
+exports.JwtStrategy = JwtStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], JwtStrategy);

package/dist/auth/strategies/refresh-token.strategy.d.ts

@@ -0,0 +1,15 @@
+import { Strategy } from 'passport-jwt';
+import { ConfigService } from '@nestjs/config';
+declare const RefreshTokenStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class RefreshTokenStrategy extends RefreshTokenStrategy_base {
+    private readonly configService;
+    constructor(configService: ConfigService);
+    validate(payload: any): Promise<{
+        userId: any;
+        email: any;
+        role: any;
+    }>;
+}
+export {};

package/dist/auth/strategies/refresh-token.strategy.js

@@ -0,0 +1,57 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_jwt_1 = require("passport-jwt");
+const config_1 = require("@nestjs/config");
+const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
+let RefreshTokenStrategy = class RefreshTokenStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy, 'jwt-refresh') {
+    configService;
+    constructor(configService) {
+        const domain = configService.get('AUTH0_DOMAIN');
+        const jwksClient = (0, jwks_rsa_1.default)({
+            jwksUri: `https://${domain}/.well-known/jwks.json`,
+            cache: true,
+            rateLimit: true,
+            jwksRequestsPerMinute: 10,
+        });
+        super({
+            jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKeyProvider: (request, token, done) => {
+                jwksClient.getSigningKey(token.header.kid, (err, key) => {
+                    if (err) {
+                        return done(err, null);
+                    }
+                    const signingKey = key.getPublicKey();
+                    done(null, signingKey);
+                });
+            },
+            audience: configService.get('AUTH0_AUDIENCE'),
+            issuer: `https://${domain}/`,
+            algorithms: ['RS256'],
+        });
+        this.configService = configService;
+    }
+    async validate(payload) {
+        return { userId: payload.sub, email: payload.email, role: payload.role };
+    }
+};
+exports.RefreshTokenStrategy = RefreshTokenStrategy;
+exports.RefreshTokenStrategy = RefreshTokenStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], RefreshTokenStrategy);

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './auth';
+export * from './middlewares/AuthMiddleware';

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth"), exports);
+__exportStar(require("./middlewares/AuthMiddleware"), exports);

package/dist/middlewares/AuthMiddleware.d.ts

@@ -0,0 +1,9 @@
+import { NestMiddleware } from '@nestjs/common';
+import { Request, Response } from 'express';
+import { Auth0Service } from '../auth/services/auth0.service';
+export declare class AuthMiddleware implements NestMiddleware {
+    private readonly auth0Service;
+    private readonly logger;
+    constructor(auth0Service: Auth0Service);
+    use(req: Request, res: Response, next: () => void): Promise<void>;
+}

package/dist/middlewares/AuthMiddleware.js

@@ -0,0 +1,62 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var AuthMiddleware_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthMiddleware = void 0;
+const common_1 = require("@nestjs/common");
+const lodash_1 = require("lodash");
+const auth0_service_1 = require("../auth/services/auth0.service");
+let AuthMiddleware = AuthMiddleware_1 = class AuthMiddleware {
+    auth0Service;
+    logger = new common_1.Logger(AuthMiddleware_1.name);
+    constructor(auth0Service) {
+        this.auth0Service = auth0Service;
+    }
+    async use(req, res, next) {
+        const bearerHeader = req.headers.authorization;
+        const accessToken = bearerHeader && bearerHeader.split(' ')[1];
+        if (!bearerHeader) {
+            throw new common_1.ForbiddenException('Authorization header is missing');
+        }
+        if (!accessToken) {
+            throw new common_1.ForbiddenException('Token is missing');
+        }
+        try {
+            this.logger.debug('requesting jwt verify token process');
+            const decodedToken = (await this.auth0Service.validateToken(accessToken));
+            const userEmail = (0, lodash_1.get)(decodedToken, 'https://clippyhq.com/email', '');
+            const user = {
+                id: decodedToken?.sub,
+                email: userEmail,
+            };
+            this.logger.debug('token');
+            this.logger.debug({ sub: decodedToken.sub, email: userEmail });
+            if (user) {
+                res.locals.user = user;
+                res.locals.email = user?.email;
+                req['customer'] = user;
+                this.logger.debug('customer found. Request updated to use customer data...');
+            }
+            this.logger.debug('jwt token verification success');
+        }
+        catch (error) {
+            this.logger.error('jwt token verification failed');
+            this.logger.error(error);
+            this.logger.debug('jwt token verification failed.');
+        }
+        next();
+    }
+};
+exports.AuthMiddleware = AuthMiddleware;
+exports.AuthMiddleware = AuthMiddleware = AuthMiddleware_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [auth0_service_1.Auth0Service])
+], AuthMiddleware);

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "clhq-auth-module",
+  "version": "1.1.0-alpha.90",
+  "description": "Reusable Auth module for NestJS, ready for npm publishing.",
+  "author": "khanzzirfan <reacthub.ai@gmail.com>",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist/**/*"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/reacthub-pricematch/clhq-api-monorepo"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/",
+    "access": "public"
+  },
+  "bugs": {
+    "url": "https://github.com/reacthub-pricematch/clhq-api-monorepo/issues"
+  },
+  "license": "MIT",
+  "scripts": {
+    "build": "yarn exec tsc -p tsconfig.json",
+    "test": "jest",
+    "version:upgrade:alpha": "standard-version --prerelease alpha",
+    "release": "npm publish --tag alpha",
+    "release:alpha": "npm publish --tag alpha",
+    "release:prealpha": "",
+    "clean:build": "rimraf .build",
+    "clean:dist": "rimraf dist",
+    "clean:webpack": "rimraf .webpack",
+    "clean:serverless": "rimraf .serverless",
+    "clean:all": "npm run clean:build&& npm run clean:dist&& npm run clean:webpack&& npm run clean:serverless",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix"
+  },
+  "peerDependencies": {
+    "@nestjs/common": ">=11.0.0",
+    "@nestjs/core": ">=11.0.0"
+  },
+  "devDependencies": {
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.2",
+    "compression": "^1.7.4",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.2",
+    "standard-version": "^9.5.0"
+  }
+}